Table of Contents

Step 1: Choose a phrase

You can create a more secure password by starting with a simple phrase. For example, let's use a quote from Ogden Nash: "Happiness is having a scratch for every itch."

If we use the first letter of each word, and substitute 4 for "for", we get:

Hihas4ei

Step 2: Add special characters

This is a reasonably strong password but we can improve it a bit by adding some special characters:

#Hihas4ei:

Step 3: Associate it with a website

We can use our new password on several different websites by adding a prefix or suffix with a mnemonic link to a particular site. Let's use the first letter and the next two consonants in the site name.

Just to add a bit more randomness we'll alternate upper-case and lower case, and if the first character in the site name is a vowel we'll start with upper-case. To mix things up a bit more we'll use the same rule to decide whether to add the site mnemonic to the left side or the right side.

#Hihas4ei:AmZ for AmazonfCb#Hihas4ei: for Facebook#Hihas4ei:YtB for YouTubedRm#Hihas4ei: for Drumbeat

This is just one possible rule for picking the prefix or suffix that you use to customize your password for each web site. Reversing the order of the letters in the suffix, using only vowels, only consonants, or adding some other characters that come to mind when you think about the web site are all possible approaches that will improve security.

While this technique lets us reuse the phrase-generated part of the password on a number of different websites, it would still be a bad idea to use it on a site like a bank account which contains high-value information. Sites like that deserve their own password selection phrase.

Try It Yourself!

Take a moment to think of a phrase that's meaningful to you. Use that phrase to create a secure password that you can customize for each website you visit.

For more information on choosing secure passwords, check out the blog post on Shiny Pebbles.

Mozilla offers this guide as a public service. No approach to security can guarantee 100% security, and nothing in this publication is meant to provide any warranty or guarantee of the security of your passwords.

Some websites may not allow the use of some or all special characters. Please be aware of what special characters are allowed to be used.